Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2024-0031)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2024.0031

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2024-0031)

Resumen: The remote host is missing an update for the 'gnutls' package(s) announced via the MGASA-2024-0031 advisory.

Descripción: Summary:
The remote host is missing an update for the 'gnutls' package(s) announced via the MGASA-2024-0031 advisory.

Vulnerability Insight:
The updated packages fix security vulnerabilities:
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)
rejects a certificate chain with distributed trust. This issue occurs
when validating a certificate chain with cockpit-certificate-ensure.
This flaw allows an unauthenticated, remote client or attacker to
initiate a denial of service attack. (CVE-2024-0567)
A vulnerability was found in GnuTLS. The response times to malformed
ciphertexts in RSA-PSK ClientKeyExchange differ from response times of
ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a
remote attacker to perform a timing side-channel attack in the RSA-PSK
key exchange, potentially leading to the leakage of sensitive data.
CVE-2024-0553 is designated as an incomplete resolution for
CVE-2023-5981. (CVE-2024-0553)

Affected Software/OS:
'gnutls' package(s) on Mageia 9.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2024-0553
RHBZ#2258412
https://bugzilla.redhat.com/show_bug.cgi?id=2258412
RHSA-2024:0533
https://access.redhat.com/errata/RHSA-2024:0533
RHSA-2024:0627
https://access.redhat.com/errata/RHSA-2024:0627
RHSA-2024:0796
https://access.redhat.com/errata/RHSA-2024:0796
RHSA-2024:1082
https://access.redhat.com/errata/RHSA-2024:1082
RHSA-2024:1108
https://access.redhat.com/errata/RHSA-2024:1108
http://www.openwall.com/lists/oss-security/2024/01/19/3
https://access.redhat.com/security/cve/CVE-2024-0553
https://gitlab.com/gnutls/gnutls/-/issues/1522
https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/
https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html
https://security.netapp.com/advisory/ntap-20240202-0011/
Common Vulnerability Exposure (CVE) ID: CVE-2024-0567
RHBZ#2258544
https://bugzilla.redhat.com/show_bug.cgi?id=2258544
https://access.redhat.com/security/cve/CVE-2024-0567
https://gitlab.com/gnutls/gnutls/-/issues/1521

Copyright Copyright (C) 2024 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2024.0031
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2024-0031)
Resumen:	The remote host is missing an update for the 'gnutls' package(s) announced via the MGASA-2024-0031 advisory.
Descripción:	Summary: The remote host is missing an update for the 'gnutls' package(s) announced via the MGASA-2024-0031 advisory. Vulnerability Insight: The updated packages fix security vulnerabilities: A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack. (CVE-2024-0567) A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981. (CVE-2024-0553) Affected Software/OS: 'gnutls' package(s) on Mageia 9. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2024-0553 RHBZ#2258412 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 RHSA-2024:0533 https://access.redhat.com/errata/RHSA-2024:0533 RHSA-2024:0627 https://access.redhat.com/errata/RHSA-2024:0627 RHSA-2024:0796 https://access.redhat.com/errata/RHSA-2024:0796 RHSA-2024:1082 https://access.redhat.com/errata/RHSA-2024:1082 RHSA-2024:1108 https://access.redhat.com/errata/RHSA-2024:1108 http://www.openwall.com/lists/oss-security/2024/01/19/3 https://access.redhat.com/security/cve/CVE-2024-0553 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/ https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html https://security.netapp.com/advisory/ntap-20240202-0011/ Common Vulnerability Exposure (CVE) ID: CVE-2024-0567 RHBZ#2258544 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://access.redhat.com/security/cve/CVE-2024-0567 https://gitlab.com/gnutls/gnutls/-/issues/1521
Copyright	Copyright (C) 2024 Greenbone AG